CVE-2023-28708
First published: Wed Mar 22 2023(Updated: )
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the missing of secure attribute in some configurations for JSESSIONID Cookie when using the RemoteIpFilter. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain session cookie information, and use this information to launch further attacks against the affected system.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Tomcat | >=8.5.0<8.5.86 | |
| Apache Tomcat | >9.0.0<9.0.72 | |
| Apache Tomcat | >10.1.0<10.1.6 | |
| Apache Tomcat | =11.0.0-milestone1 | |
| Apache Tomcat | =11.0.0-milestone2 | |
| IBM Watson Knowledge Catalog on-prem | <=4.x | |
| redhat/tomcat | <8.5.86 | 8.5.86 |
| redhat/tomcat | <9.0.72 | 9.0.72 |
| redhat/tomcat | <10.1.6 | 10.1.6 |
| redhat/tomcat | <11.0.0 | 11.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/250740
- https://www.ibm.com/support/pages/node/7009747 (Advisory)
- https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
- https://access.redhat.com/security/cve/CVE-2023-28708
- https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.86
- https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
- https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2181441
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2181442
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2181443
- https://access.redhat.com/errata/RHSA-2023:4909
- https://access.redhat.com/errata/RHSA-2023:4910
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2180856#c9
- https://access.redhat.com/errata/RHSA-2023:6570
- https://access.redhat.com/errata/RHSA-2023:7065
- https://bugzilla.redhat.com/show_bug.cgi?id=2180856
Frequently Asked Questions
What is the CVE ID of this vulnerability?
CVE-2023-28708
What is the severity of CVE-2023-28708?
The severity of CVE-2023-28708 is high with a score of 7.5.
How does this vulnerability occur?
This vulnerability occurs when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https.
Which versions of Apache Tomcat are affected by this vulnerability?
Apache Tomcat versions 8.5.0 to 8.5.85, 9.0.0-M1 to 9.0.71, 10.1.0-M1 to 10.1.5, and 11.0.0-M1 to 11.0.0.-M2 are affected by this vulnerability.
How can I fix CVE-2023-28708?
To fix CVE-2023-28708, update Apache Tomcat to version 8.5.86, 9.0.72, 10.1.6, or 11.0.0 or later.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/ibm-support
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-28708
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm watson knowledge catalog on-prem
- version/ibm watson knowledge catalog on-prem/4.x
- vendor/apache
- canonical/apache tomcat
- version/apache tomcat/8.5.0
- version/apache tomcat/11.0.0-milestone1
- version/apache tomcat/11.0.0-milestone2
- package-manager/redhat